BREACH NOTIFICATION POLICY

Size: px
Start display at page:

Download "BREACH NOTIFICATION POLICY"

Transcription

1 PRIVACY 2.0 BREACH NOTIFICATION POLICY Scope: All subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, UHS ), including UHS covered entities ( Facilities ). Purpose: To establish procedures for the notification of individuals, prominent media, and the Secretary of the U.S. Department of Health and Human Services, as appropriate, following the discovery of a breach of unsecured protected health information (PHI) by a Facility or its Business Associate(s), and to identify when the unauthorized acquisition, access, use or disclosure of unsecured PHI is a breach for notification purposes. Definitions: Terms not defined in this Policy and the UHS HIPAA Definitions Policy shall have the meaning as set forth in any related State or Federal privacy law including the Health Insurance Portability and Accountability Act of 1996, Public Law ( HIPAA ) and regulations promulgated there under by the U.S. Department of Health and Human Services ( HHS ) at 45 CFR Part 160 and 164, Subparts A and E ( Privacy Regulations or Privacy Rule ) and Subparts A and C ( Security Regulations or Security Rule ), the Health Information Technology for Economic and Clinical Health Act ( HITECH ) privacy and security provisions of the American Recovery and Reinvestment Act (Stimulus Act) for Long Term Care, Public Law 111-5, the American Recovery and Reinvestment Act of 2009 ( ARRA ), Title XIII and related regulations. Breach means an acquisition, access, use, or disclosure of protected health information (PHI) that is not permitted under the Privacy Rule, which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information. Breach excludes: (i) any unintentional acquisition, access, or use of PHI information by a workforce member or person acting under authority of a covered entity or a business associate, if made in good faith and within the scope of authority and does not result in further unauthorized or unlawful use or disclosure; (ii) any inadvertent disclosure by a person who is authorized to access PHI at a covered entity or business associate to another person authorized to access PHI at the same covered entity or business associate, or organized health care arrangement in which the covered entity participates, and the information received as a result of such disclosure is not further used or disclosed in an unauthorized or unlawful manner; or (iii) a disclosure of PHI where a covered entity or business associate has a good faith belief that an unauthorized person to whom the disclosure was made would not reasonably have been able to retain such information. Policy: It is UHS policy to provide notification of the breach of unsecured PHI in accordance with the requirements of HIPAA and The Health Information Technology for Economic and Clinical

2 Health (HITECH) Act, and implementing regulations. Breach notification is necessary in all situations except where the covered entity or business associate demonstrates that there is a low probability that the protected health information has been compromised, or when one of the exceptions to the definition of a breach applies. In addition, documentation sufficient to demonstrate breach notification determinations must be maintained. Procedure: Unauthorized Breach of Unsecured PHI The Facility Privacy Officer will determine whether there has been a breach of unsecured PHI. PHI is Unsecured when it is not rendered unusable, unreadable or indecipherable to unauthorized individuals through the use of encryption and/or destruction. The local Privacy Officer will investigate potential breaches and take steps to mitigate losses and protect against any further breaches. The Facility Privacy Officer will notify the UHS Corporate Compliance Office regarding any potential breaches. Determining Whether the Disclosure Requires Breach Notification Not every unauthorized acquisition, access, use or disclosure of unsecured PHI will require notification. To determine whether a breach has occurred, the Facility Privacy Officer will work with the UHS Corporate Compliance Office. First, they will determine whether the incident falls within an exception to the definition of breach, using the Instructions and Worksheet attached as Exhibits 1 and 2 to this policy. If the incident does not fall within one of the exceptions to the definition of a breach, then any acquisition, access, use or disclosure of unsecured PHI that is not permitted under the Privacy Rule is presumed to be a breach unless, as described in this Policy, the Facility through its Privacy Officer demonstrates there is a low probability that the PHI has been compromised, based on a risk assessment of at least the following factors, as well as any other relevant factors discovered in the investigation: (i) The nature and extent of the protected health information involved, including the types of identifiers and the likelihood of re-identification; (ii) The unauthorized person who used the protected health information or to whom the disclosure was made; (iii) Whether the protected health in-formation was actually acquired or viewed; and (iv) The extent to which the risk to the protected health information has been mitigated. The Facility Privacy Officer, in consultation with senior management at the Facility and the Corporate Compliance Office, will determine this by using the Instructions and Breach Notification Worksheet attached as Exhibit 1 and Exhibit 2 to this Policy. If a determination is made that there is a low probability that the PHI has been compromised, the Facility Privacy

3 Officer will maintain documentation sufficient to support the determination and to meet the Facility s burden of proof. Notification to Individuals The Facility will, following the discovery of a breach of unsecured PHI that requires notification (using the Worksheet), notify each individual whose unsecured PHI has been, or is reasonably believed by the Facility to have been, accessed, acquired, used, or disclosed as a result of such breach. Timelines for Notification The Facility Privacy Officer will assure proper breach notification. The Facility Privacy Officer will contact the UHS Corporate Compliance Office in advance of notification, to review the reporting of any breaches. The Facility will provide the notification required by this Policy as soon as reasonably possible after taking a reasonable time to investigate the circumstances in order to collect and develop the information required to be included in the notice to the individual. Notification will be provided in no case later than 60 calendar days after discovery of a breach. A breach will be treated as discovered by the Facility as of the first day on which the breach is known or, by exercising reasonable diligence should have been known, by the Facility or any person who is a workforce member, Business Associate, or agent of the Facility (other than the person committing the breach). The time period begins when the incident is first known, not when the investigation is complete, even if it is unclear whether the incident constitutes a breach. Content of Notification The notification required by this Policy will be written in plain language, must not include extraneous materials, and must include all of the following: 1. A brief description of what happened, including the date of the breach and the date of the discovery of the breach, if known; 2. A description of the types of unsecured protected health information that were involved in the breach (such as whether full name, social security number, date of birth, home address, account number, diagnosis, disability code, or other types of information were involved); 3. Any steps individuals should take to protect themselves from potential harm resulting from the breach;

4 4. A brief description of what the covered entity is doing to investigate the breach, to mitigate harm to individuals, and to protect against any further breaches; and 5. Contact procedures for individuals to ask questions or learn additional information, which will include a toll-free telephone number, an address, Web site, or postal address. Methods of Notification by the Facility The notification required by this Policy will be provided using the following methods, and may be provided in one or more mailings as information is available: 1. Written Notice: a) Written notification will be sent by first-class mail to the individual at the last known address of the individual or, if the individual agrees to electronic notice and such agreement has not been withdrawn, by encrypted electronic mail. The notification may be provided in one or more mailings as information is available; or b) If the Facility knows the individual is deceased and has the address of the next of kin or personal representative of the individual, written notification will be sent by first class mail to either the next of kin or personal representative of the individual. 2. Substitute Notice: a) Where there is insufficient or out-of-date contact information that precludes written notification to the individual, a substitute form of notice reasonably calculated to reach the individual will be used. Substitute notice need not be provided in the case in which there is insufficient or out-of- date contact information that precludes written notification to the next of kin or personal representative of the individual. b) When there is insufficient or out-of-date contact information for fewer than 10 individuals, then such substitute notice may be provided by an alternative form of written notice, telephone, or other means. c) When there is insufficient or out-of-date contact information for 10 or more individuals, then the substitute notice will: Be in a form of either a conspicuous posting for a period of 90 days on the home page of the Web site of the Facility, or conspicuous notice in major print or broadcast media in geographic areas where the individuals affected by the breach likely reside; and

5 Must include a toll-free number that remains active for at least 90 days where the individual can learn whether the individual s unsecured PHI may have been included in the breach. 3. Additional Notice in Urgent Situations: In any case the Facility deems to require urgency because of possible imminent misuse of unsecured PHI, the Facility may provide information to individuals by telephone or other means, as appropriate, in addition to notice provided for in this Policy. 4. Notification to the Media For a breach of unsecured PHI involving 500 or more residents of a State or jurisdiction (city/county), the Facility Privacy Officer will notify prominent media outlets serving the State or jurisdiction. The Facility Privacy Officer will work with the UHS Corporate Compliance Office for notifications involving 500 or more individuals. Deadline for Media Notification: Except in the case of a law enforcement delay as described below, the Facility will provide the media notification required above without unreasonable delay and in no case later than 60 calendar days after discovery of a breach. Content of Notification: The Notification to the Media will include the same information as is required for the Notification to Individuals. 5. Notification to the Secretary of HHS The Facility will, following the discovery of a breach of unsecured PHI, notify the Secretary of the U.S. Department of Health and Human Services, as follows: Breaches Involving 500 or More Individuals: For breaches of unsecured PHI involving 500 or more individuals, the Facility will, except as required for a law enforcement delay as described below, provide notification to the HHS Secretary contemporaneously with the Notification to Individuals, and in the manner prescribed on the HHS Web site. The Facility Privacy Officer will work with the UHS Corporate Compliance Office on breaches involving 500 or more individuals. Breaches Involving Less Than 500 Individuals: For breaches of unsecured PHI involving less than 500 individuals, the Facility will maintain a log or other documentation of such breaches and, no later than 60 days after the end of each calendar year, provide the notification required for breaches discovered during the preceding calendar year, in the manner prescribed on the HHS Web site. As previously stated, the Facility Privacy

6 Officer will contact the UHS Corporate Compliance Office to review the reporting of any breaches. 6. Notification to Consumer Reporting Agencies If 1000 or more individuals are affected and require notification at one time, the Facility must notify, without unreasonable delay, national Consumer Reporting Agencies (that compile or maintain files on consumers on a nationwide basis) of the timing, distribution, and content of the notifications. The Facility Privacy Officer will work with the UHS Corporate Compliance Office on these notifications. Notification by a Business Associate A Business Associate will be required, following the discovery of a breach of unsecured PHI, to notify the Facility of such breach in accordance with the procedure set forth in their Business Associate Agreement and as required by law. Law Enforcement Delay If a law enforcement official states to the Facility or Business Associate that a notification, notice, or posting required under this policy would impede a criminal investigation or cause damage to national security, the Facility or Business Associate will: 1. If the statement is in writing and specifies the time for which a delay is required, delay such notification, notice, or posting for the time period specified by the official; or 2. If the statement is made orally, document the statement, including the identity of the official making the statement, and delay the notification, notice, or posting temporarily and no longer than 30 days from the date of the oral statement, unless a written statement as described above is submitted during that time. Additional State Law Notification Requirements State law may impose additional breach notification requirements. If the Facility has any questions regarding its state requirements for breach notification, it will contact the UHS Corporate Compliance Office. References: 45 C.F.R. Subpart D

7 Related UHS Policies: UHS Privacy 16.0 Disclosures for Law Enforcement Purposes UHS Privacy 18.0 Patient Rights Under the HIPAA Privacy Rule UHS Privacy 27.0 Business Associate Agreements Revision Dates: ; ; Implementation Date: Reviewed and Approved by: UHS Compliance Committee

45 CFR Part 164. Interim Final Rule Breach Notification for Unsecured Protected Health Information

45 CFR Part 164. Interim Final Rule Breach Notification for Unsecured Protected Health Information 45 CFR Part 164 Interim Final Rule Breach Notification for Unsecured Protected Health Information Full Preamble and Rule at http://edocket.access.gpo.gov/2009/pdf/e9-20169.pdf The Interim Final Rule also

More information

OCR Phase II Audit Protocol Breach Notification. HIPAA COW Spring Conference 2017 Page 1 Boerner Consulting, LLC

OCR Phase II Audit Protocol Breach Notification. HIPAA COW Spring Conference 2017 Page 1 Boerner Consulting, LLC Audit Type Section Key Activity Established Performance Criteria Audit Inquiry 12 Samples Requested Breach 164.414(a) Administrative 164.414(a) 164.414(a) 5 Inquiry of Mgmt Requirements Administrative

More information

HIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES

HIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES SALISH BHO HIPAA, 42 CFR PART 2, AND MEDICAID COMPLIANCE STANDARDS POLICIES AND PROCEDURES Policy Name: BREACH NOTIFICATION REQUIREMENTS Policy Number: 5.16 Reference: 45 CFR Parts 164 Effective Date:

More information

Interim Date: July 21, 2015 Revised: July 1, 2015

Interim Date: July 21, 2015 Revised: July 1, 2015 HIPAA/HITECH Page 1 of 7 Effective Date: September 23, 2009 Interim Date: July 21, 2015 Revised: July 1, 2015 Approved by: James E. K. Hildreth, Ph.D., M.D. President and Chief Executive Officer Subject:

More information

Changes to HIPAA Privacy and Security Rules

Changes to HIPAA Privacy and Security Rules Changes to HIPAA Privacy and Security Rules STEPHEN P. POSTALAKIS BLAUGRUND, HERBERT AND MARTIN 300 WEST WILSON BRIDGE ROAD, SUITE 100 WORTHINGTON, OHIO 43085 SPP@BHMLAW.COM PERSONNEL COUNCIL FRANKLIN

More information

The Guild for Exceptional Children HIPAA Breach Notification Policy and Procedure

The Guild for Exceptional Children HIPAA Breach Notification Policy and Procedure The Guild for Exceptional Children HIPAA Breach Notification Policy and Procedure Purpose To provide for notification in the case of breaches of Unsecured Protected Health Information ( Unsecured PHI )

More information

OVERVIEW OF RECENT CHANGES IN HIPAA AND OHIO PRIVACY LAWS

OVERVIEW OF RECENT CHANGES IN HIPAA AND OHIO PRIVACY LAWS Franklin J. Hickman Janet L. Lowder David A. Myers Elena A. Lidrbauch Judith C. Saltzman Mary B. McKee Amanda M. Buzo Lisa Montoni Garvin Andrea Aycinena Penton Building 1300 East Ninth Street Suite 1020

More information

New. To comply with HIPAA notice requirements, all Providence covered entities shall follow, at a minimum, the specifications described below.

New. To comply with HIPAA notice requirements, all Providence covered entities shall follow, at a minimum, the specifications described below. Subject: Protected Health Information Breach Notification Policy Department: Enterprise Risk Management Services Executive Sponsor: SVP/Chief Risk Officer Approved by: Rod Hochman, MD President/CEO Policy

More information

NOTIFICATION OF PRIVACY AND SECURITY BREACHES

NOTIFICATION OF PRIVACY AND SECURITY BREACHES NOTIFICATION OF PRIVACY AND SECURITY BREACHES Overview The UT Health Science Center at San Antonio (Health Science Center) is required to report all breaches of protected health information and personally

More information

Breach Policy. Applicable Standards from the HITRUST Common Security Framework. Applicable Standards from the HIPAA Security Rule

Breach Policy. Applicable Standards from the HITRUST Common Security Framework. Applicable Standards from the HIPAA Security Rule Breach Policy To provide guidance for breach notification when impressive or unauthorized access, acquisition, use and/or disclosure of the ephi occurs. Breach notification will be carried out in compliance

More information

Patient Breach Letter Content Requirements

Patient Breach Letter Content Requirements Patient Breach Letter Content Requirements The final breach regulations, effective September 23, 2009, required that the patient whose information was accessed, used or released in an inappropriate manner

More information

HITECH and HIPAA: Highlights for Health Departments. Aimee Wall UNC School of Government

HITECH and HIPAA: Highlights for Health Departments. Aimee Wall UNC School of Government HITECH and HIPAA: Highlights for Health Departments Aimee Wall UNC School of Government When Congress enacted sweeping legislation in February designed to stimulate the nation s economy, it incorporated

More information

x Major revision of existing policy Reaffirmation of existing policy

x Major revision of existing policy Reaffirmation of existing policy Name of Policy: Reporting of Security Breach of Protected Health Information including Personal Health Information Policy Number: 3364-90-15 Approving Officer: Executive Vice President of Clinical Affairs

More information

H E A L T H C A R E L A W U P D A T E

H E A L T H C A R E L A W U P D A T E L O U I S V I L L E. K Y S E P T E M B E R 2 0 0 9 H E A L T H C A R E L A W U P D A T E L E X I N G T O N. K Y B O W L I N G G R E E N. K Y N E W A L B A N Y. I N N A S H V I L L E. T N M E M P H I S.

More information

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability

More information

Interpreters Associates Inc. Division of Intérpretes Brasil

Interpreters Associates Inc. Division of Intérpretes Brasil Interpreters Associates Inc. Division of Intérpretes Brasil Adherence to HIPAA Agreement Exhibit B INDEPENDENT CONTRACTOR PRIVACY AND SECURITY PROTECTIONS RECITALS The purpose of this Agreement is to enable

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS

HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS HIPAA BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATES AND SUBCONTRACTORS This HIPAA Business Associate Agreement ( BAA ) is entered into on this day of, 20 ( Effective Date ), by and between Allscripts

More information

Definitions: Policy: Procedure:

Definitions: Policy: Procedure: PRIVACY 23.0 ACCOUNTING OF DISCLOSURES Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have direct or indirect access to

More information

AFTER THE OMNIBUS RULE

AFTER THE OMNIBUS RULE AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan Member

More information

HIPAA Breach Notice Rules New notice requirements for HIPAA covered entities when there is a breach of Protected Health Information (PHI)

HIPAA Breach Notice Rules New notice requirements for HIPAA covered entities when there is a breach of Protected Health Information (PHI) HIPAA Breach Notice Rules New notice requirements for HIPAA covered entities when there is a breach of Protected Health Information (PHI) On August 24, 2009, the Department of Health and Human Services

More information

ARRA s Amendments to HIPAA Privacy & Security Rules

ARRA s Amendments to HIPAA Privacy & Security Rules ARRA s Amendments to HIPAA Privacy & Security Rules Georgina L. O Hara Jessica R. Bernanke April 29, 2009 www.morganlewis.com Amended HIPAA Privacy and Security Rules HIPAA Amendments are in The Health

More information

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background

More information

HIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school

HIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school ASPPR The omnibus rule greatly enhances a patient s privacy protections, provides individuals new rights to their health information, and strengthens the government s ability to enforce the law. The changes

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

HIPAA OMNIBUS FINAL RULE

HIPAA OMNIBUS FINAL RULE HIPAA OMNIBUS FINAL RULE Webinar Series Part 3 Breach Notification April 16, 2013 I. BACKGROUND 2 1 Background > HIPAA Omnibus Final Rule: Announced on January 17, 2013 Published in Federal Register on

More information

The American Recovery Reinvestment Act. and Health Care Reform Puzzle

The American Recovery Reinvestment Act. and Health Care Reform Puzzle The American Recovery Reinvestment Act and Health Care Reform Puzzle Carolyn Heyman-Layne Alaska HCCA Conference March 1, 2012 Comparison of Breach Notification Provisions in the HITECH Act 1 and the Alaska

More information

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment

More information

HITECH and Stimulus Payment Update

HITECH and Stimulus Payment Update HITECH and Stimulus Payment Update David S. Szabo Agenda HIPAA Breach Notification Rules HITECH and Meaningful Use Open Question Period 2 Data Security Breaches A total of 245,216,093 records containing

More information

Management Alert Final HIPAA Regulations Issued

Management Alert Final HIPAA Regulations Issued Management Alert Final HIPAA Regulations Issued After much anticipation, the Department of Health and Human Services (HHS) has issued its omnibus set of final regulations modifying and clarifying the privacy,

More information

FACT Business Associate Agreement

FACT Business Associate Agreement Policy Document #: 2.1.003 Revision: 3 Valid Date: 27June2012 Page 1 of 2 Effective Date: 27Jun2012 FACT Business Associate Agreement 1.0 Purpose The purpose of this document is to establish terms for

More information

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT

JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT JOTFORM HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( HIPAA BAA ) is made between JotForm, Inc., ( JotForm ) and {YourCompanyName} ( Covered Entity or Customer ) as an agreement

More information

Fifth National HIPAA Summit West

Fifth National HIPAA Summit West Fifth National HIPAA Summit West Privacy and Security under the HITECH Act W. Reece Hirsch Paul T. Smith, Partner, Partner, Hooper, Lundy & Bookman 1 Developments The Health Information Technology for

More information

New HIPAA Breach Rules NAHU presents the WHAT and WHYs. Agenda

New HIPAA Breach Rules NAHU presents the WHAT and WHYs. Agenda New HIPAA Breach Rules NAHU presents the WHAT and WHYs Presenters: David Smith JD, Vice President, Ebenconcepts Tom Jacobs JD, co-ceo eflexgroup Moderator: Ric Joyner CEBS CFCI, co-ceo, eflexgroup 1 Agenda

More information

An Overview of the Impact of the American Recovery and Reinvestment Act of 2009 on the HIPAA Medical Privacy and Security Rules

An Overview of the Impact of the American Recovery and Reinvestment Act of 2009 on the HIPAA Medical Privacy and Security Rules Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. An Overview of the Impact of the American Recovery and Reinvestment Act of 2009 on the HIPAA Medical Privacy and Security Rules Alden J. Bianchi Updated

More information

OMNIBUS RULE ARRIVES

OMNIBUS RULE ARRIVES AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule is here Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan

More information

MONTCLAIR STATE UNIVERSITY HIPAA PRIVACY POLICY. Approved by the Montclair State University Board of Trustees on April 3, 2014

MONTCLAIR STATE UNIVERSITY HIPAA PRIVACY POLICY. Approved by the Montclair State University Board of Trustees on April 3, 2014 MONTCLAIR STATE UNIVERSITY HIPAA PRIVACY POLICY Approved by the Montclair State University Board of Trustees on April 3, 2014 Table of Contents Page I. PURPOSE... 1 II. WHO IS SUBJECT TO THIS POLICY...

More information

The HHS Breach Final Rule Is Out What s Next?

The HHS Breach Final Rule Is Out What s Next? The HHS Breach Final Rule Is Out What s Next? Webinar September 16, 2009 Practical Tools for Seminar Learning Copyright 2009 American Health Information Management Association. All rights reserved. Disclaimer

More information

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA) This Business Associate Agreement (the Agreement ) is made and entered into by and between Washington Dental Service

More information

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (Revised on March 1, 2016) THIS HIPAA SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into on (the Effective Date ), by and between ( EMR ),

More information

Compliance Steps for the Final HIPAA Rule

Compliance Steps for the Final HIPAA Rule Brought to you by The Alpha Group for the Final HIPAA Rule On Jan. 25, 2013, the Department of Health and Human Services (HHS) issued a final rule under HIPAA s administrative simplification provisions.

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ), is between Birch Family Services, Inc., a New York not-for-profit corporation ( Covered Entity ) and ( Business Associate

More information

HITECH Poses Important Challenges... Are You Compliant?

HITECH Poses Important Challenges... Are You Compliant? Presents a Webinar HITECH Poses Important Challenges... Are You Compliant? A program for Clinic and Hospital Administrators, Risk Managers, and other interested staff. Joint Sponsor Kansas Hospital Association

More information

[Name of Organization] HIPAA Incident/Breach Investigation Procedure 4

[Name of Organization] HIPAA Incident/Breach Investigation Procedure 4 Addendum II [Name of Organization] HIPAA Incident/Breach Investigation Procedure 4 I. Purpose To distinguish between (1) cases in which our HIPAA policy was not correctly followed but such violation did

More information

BUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H:

BUSINESS ASSOCIATE AGREEMENT W I T N E S S E T H: BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( this Agreement ) is made and entered into as of this day of 2015, by and between TIDEWELL HOSPICE, INC., a Florida not-for-profit corporation,

More information

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS This HIPAA Business Associate Agreement ( BA Agreement ), effective as of the last date written on the signature page attached

More information

Containing the Outbreak: HIPAA Implications of a Data Breach. Jason S. Rimes. Orlando, Florida

Containing the Outbreak: HIPAA Implications of a Data Breach. Jason S. Rimes. Orlando, Florida Containing the Outbreak: HIPAA Implications of a Data Breach Orlando, Florida www.lowndes-law.com Jason S. Rimes 2013 Lowndes, Drosdick, Doster, Kantor & Reed, P.A. All Rights Reserved Protected Health

More information

The Impact of the Stimulus Act on HIPAA Privacy and Security

The Impact of the Stimulus Act on HIPAA Privacy and Security The Impact of the Stimulus Act on Webinar March 12, 2009 Practical Tools for Seminar Learning Copyright 2009 American Health Information Management Association. All rights reserved. Disclaimer The American

More information

HIPAA BUSINESS ASSOCIATE ADDENDUM

HIPAA BUSINESS ASSOCIATE ADDENDUM HIPAA BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( BAA ) is made between Cognito, LLC., a South Carolina corporation ( Cognito Forms ) and {OrganizationLegalName} ( Covered Entity or

More information

ALERT. November 20, 2009

ALERT. November 20, 2009 ALERT HIPAA PRIVACY FOR EMPLOYERS HAS CHANGED. IMMEDIATE ACTION IS REQUIRED. November 20, 2009 The American Recovery and Reinvestment Act of 2009 ( ARRA ) also known as the Economic Stimulus Bill made

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (this Agreement ) is entered into on the Effective Date of the Azalea Health Software as a Service Agreement and/or Billing Service Provider

More information

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 Reasons for HIPAA Privacy Rules Perceived need for protection

More information

ARTICLE 1. Terms { ;1}

ARTICLE 1. Terms { ;1} The parties agree that the following terms and conditions apply to the performance of their obligations under the Service Contract into which this Exhibit is being incorporated. Contractor is providing

More information

GUIDE TO PATIENT PRIVACY AND SECURITY RULES

GUIDE TO PATIENT PRIVACY AND SECURITY RULES AMERICAN ASSOCIATION OF ORTHODONTISTS GUIDE TO PATIENT PRIVACY AND SECURITY RULES I. INTRODUCTION The American Association of Orthodontists ( AAO ) has prepared this Guide and the attachment to assist

More information

CLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors

CLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors CLIENT UPDATE February 20, 2013 HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors On January 25, 2013, the U.S. Department of Health and Human Services ( DHHS )

More information

HIPAA & HITECH Privacy & Security. Volunteer Annual Review 2017

HIPAA & HITECH Privacy & Security. Volunteer Annual Review 2017 HIPAA & HITECH Privacy & Security Volunteer Annual Review 2017 HIPAA In 1996, state and federal governments enacted protection for patient health information by signing into law the Health Insurance Portability

More information

NO , Chapter 7 TALLAHASSEE, January 6, 2014 HIPAA BREACH NOTIFICATION PROCEDURES

NO , Chapter 7 TALLAHASSEE, January 6, 2014 HIPAA BREACH NOTIFICATION PROCEDURES CFOP 60-17, Chapter 7 STATE OF FLORIDA DEPARTMENT OF CF OPERATING PROCEDURE CHILDREN AND FAMILIES NO. 60-17, Chapter 7 TALLAHASSEE, January 6, 2014 HIPAA BREACH NOTIFICATION PROCEDURES 7-1. Purpose. This

More information

USE AND DISCLOSURE REQUIRING AUTHORIZATION. Identifies when Facilities may use and disclose PHI of patients pursuant to an Authorization.

USE AND DISCLOSURE REQUIRING AUTHORIZATION. Identifies when Facilities may use and disclose PHI of patients pursuant to an Authorization. PRIVACY 3.0 USE AND DISCLOSURE REQUIRING AUTHORIZATION Scope: Purpose: All workforce members (employees and non-employees), including employed medical staff, management, and others who have direct or indirect

More information

RECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows:

RECITALS. In consideration of the mutual promises below and the exchange of information pursuant to this BAA, the Parties agree as follows: This Business Associate Agreement ( BAA ) is entered into by and between NORCAL Mutual Insurance Company ( NORCAL ) and Insured/Applicant ( Covered Entity ) and is effective as of September 23 rd, 2013

More information

Changes to HIPAA Under the Omnibus Final Rule

Changes to HIPAA Under the Omnibus Final Rule Changes to HIPAA Under the Omnibus Final Rule Kimberly J. Kannensohn and Nathan A. Kottkamp, McGuireWoods 1 The Long-Awaited HIPAA Final Rule On Jan. 17, 2013, the Department of Health and Human Services

More information

Georgia Health Information Network, Inc. Georgia ConnectedCare Policies

Georgia Health Information Network, Inc. Georgia ConnectedCare Policies Georgia Health Information Network, Inc. Georgia ConnectedCare Policies Version History Effective Date: August 28, 2013 Revision Date: August 2014 Originating Work Unit: Health Information Technology Health

More information

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by HIPAA Omnibus Rule Critical Changes for Providers Presented by Susan A. Miller, JD Hosted by agenda What the Omnibus Rule includes + Effective and Compliance Dates Security Breach Notification Enforcement

More information

HIPAA Basic Training for Health & Welfare Plan Administrators

HIPAA Basic Training for Health & Welfare Plan Administrators 2010 Human Resources Seminar HIPAA Basic Training for Health & Welfare Plan Administrators Norbert F. Kugele What We re going to Cover Important basic concepts Who needs to worry about HIPAA? Complying

More information

Practical. PPACA, HIPAA and Federal Health Benefit Mandates:

Practical. PPACA, HIPAA and Federal Health Benefit Mandates: PPACA, HIPAA and Federal Health Benefit Mandates: Practical Q&A The Patent Protection and Affordable Care Act (PPACA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other

More information

HIPAA The Health Insurance Portability and Accountability Act of 1996

HIPAA The Health Insurance Portability and Accountability Act of 1996 HIPAA The Health Insurance Portability and Accountability Act of 1996 Results Physiotherapy s policy regarding privacy and security of protected health information (PHI) is a reflection of our commitment

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement ICANotes LLC doing business at 1600 St Margarets Rd, Annapolis MD 21409 and, doing business at are parties to a Business Associate arrangement as defined under the Health

More information

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V. HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,

More information

Compliance Steps for the Final HIPAA Rule

Compliance Steps for the Final HIPAA Rule Compliance Steps for the Final HIPAA Rule On Jan. 25, 2013, the Department of Health and Human Services (HHS) issued a final rule under HIPAA s administrative simplification provisions. The final rule

More information

AGREEMENT PURSUANT TO THE TERMS OF HIPAA ; HITECH ; and FIPA (Business Associate Agreement) (Revised August 2015)

AGREEMENT PURSUANT TO THE TERMS OF HIPAA ; HITECH ; and FIPA (Business Associate Agreement) (Revised August 2015) AGREEMENT PURSUANT TO THE TERMS OF HIPAA ; HITECH ; and FIPA (Business Associate Agreement) (Revised August 2015) THIS AGREEMENT made the day of, 20, by and between HOSPICE OF MARION COUNTY, INC., a Florida

More information

Nancy Davis, Ministry Health Care Peg Schmidt, Aurora Health Care Teresa Smithrud, Mercy Health System

Nancy Davis, Ministry Health Care Peg Schmidt, Aurora Health Care Teresa Smithrud, Mercy Health System Nancy Davis, Ministry Health Care Peg Schmidt, Aurora Health Care Teresa Smithrud, Mercy Health System Thomas N. Shorter, Godfrey & Kahn, S.C. 1 Today s panel discussion addresses the HIPAA/HITECH Omnibus

More information

Business Associate Agreement For Protected Healthcare Information

Business Associate Agreement For Protected Healthcare Information Business Associate Agreement For Protected Healthcare Information This Business Associate Agreement ( Agreement ) is entered into this 24th day of February 2017, between PRACTICE-WEB, Inc., a California

More information

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

MEMORANDUM. Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know 1801 California Street Suite 4900 Denver, CO 80202 303-830-1776 Facsimile 303-894-9239 MEMORANDUM To: Adam Finkel, Assistant Director, Government Relations, NCRA From: Mel Gates Date: December 23, 2013

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES Original Effective Date: April 14, 2003 Effective Date of Last Revision: August 30, 2013 I. THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) by and between (hereinafter known as Covered Entity ) and Office Ally, Inc., a clearinghouse Covered Entity under HIPAA, providing

More information

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013 HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable

More information

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule 1 IMPORTANCE OF STAFF TRAINING HIPAA staff training is a key, required element in a covered entity's HIPAA

More information

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice

More information

HIPAA STUDENT ASSOCIATE AGREEMENT

HIPAA STUDENT ASSOCIATE AGREEMENT HIPAA STUDENT ASSOCIATE AGREEMENT This Agreement dated as of, 20 is made by and between Petaluma Health Center (Hereinafter Covered Entity ) and (Hereinafter Student ). INTRODUCTION This Agreement governs

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into this 22 nd day of September, 2014 ( Effective Date ), by and between Customer_Name with a place of business

More information

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate) BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate) This HIPAA Business Associate Agreement ( Agreement ) is entered into this day of, 20, by and between

More information

COMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM

COMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM APPENDIX J Rev dated 11/24/2014 COMMONWEALTH OF PENNSYLVANIA BUSINESS ASSOCIATE ADDENDUM WHEREAS, the Pennsylvania Department of Human Services (Covered Entity) and Contractor (Business Associate) intend

More information

Coping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013!

Coping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013! Coping with, and Taking Advantage of, HIPAA s New Rules!!! Deven McGraw Director, Health Privacy Project April 19, 2013! Status of Federal Privacy Regulations! Omnibus Rule (Data Breach, Enforcement, HITECH,

More information

HIPAA Privacy Overview

HIPAA Privacy Overview HIPAA Privacy Overview Benefit Advisors Network Stacy H. Barrow sbarrow@marbarlaw.com February 8, 2017 2017 Marathas Barrow Weatherhead Lent LLP. All Rights Reserved. 1 Overview of Presentation HIPAA Overview

More information

NETWORK PARTICIPATION AGREEMENT

NETWORK PARTICIPATION AGREEMENT NETWORK PARTICIPATION AGREEMENT THIS NETWORK PARTICIPATION AGREEMENT ( Agreement ) is entered into on the date(s) indicated below, by and between the undersigned physician (hereinafter Physician ; and

More information

UNITED WORKERS HEALTH FUND 50 CHARLES LINDBERGH BLVD. SUITE 207 UNIONDALE, NY 11553

UNITED WORKERS HEALTH FUND 50 CHARLES LINDBERGH BLVD. SUITE 207 UNIONDALE, NY 11553 UNITED WORKERS HEALTH FUND 50 CHARLES LINDBERGH BLVD. SUITE 207 UNIONDALE, NY 11553 Tel: 516-740-5325 tnl@dickinsongrp.com Fax: 516-740-5326 REVISED NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW

More information

Texas Tech University Health Sciences Center HIPAA Privacy Policies

Texas Tech University Health Sciences Center HIPAA Privacy Policies Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 Reviewed Date: August 7, 2017 References: http://www.hhs.gov/ocr/hippa HSC HIPAA website http://www.ttuhsc.edu/hipaa/policies_procedures.aspx

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (this Agreement ) is made effective as of the of, (the Effective Date ), by and between day hereafter referred to as ( Business Associate

More information

GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do

GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do By D Arcy Guerin Gue, Phoenix Health Systems, a division of Medsphere Systems Corporation With Steven J. Fox, Post & Schell Originally commissioned

More information

HIPAA Breach Notification Case Studies on What to Do and When to Report

HIPAA Breach Notification Case Studies on What to Do and When to Report HIPAA Breach Notification Case Studies on What to Do and When to Report AHLA Physicians and Physician Organizations and Hospitals and Health Systems Law Institute February 9 and10, 2012 Colleen M. McClorey,

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Agreement is by and between The Health Plan ( Plan ) and Priority Health Managed Benefits, Inc., a Michigan Third Party Administrator ( Business Associate

More information

Determining Whether You Are a Business Associate

Determining Whether You Are a Business Associate The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information

More information

BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and

BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and WHEREAS, Dallas County, Tarrant County, Denton County, Parker County, the North Texas Tollway Authority have created

More information

HIPAA Privacy and Security Rules

HIPAA Privacy and Security Rules HIPAA Privacy and Security Rules HIPAA Compliance Bootcamp (5/16) This presentation is similar to any other legal education materials designed to provide general information on pertinent legal topics.

More information

Highlights of the Omnibus HIPAA/HITECH Final Rule

Highlights of the Omnibus HIPAA/HITECH Final Rule Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737

More information

HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015.

HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. HIPAA PRIVACY AND SECURITY RULES APPLY TO YOU! ARE YOU COMPLYING? RHODE ISLAND INTERLOCAL TRUST LINN F. FREEDMAN, ESQ. JANUARY 29, 2015. PURPOSE OF PRESENTATION To Discuss Laws Governing Use and Disclosure

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ) is effective by and between CRESTPOINT HEALTH INSURANCE COMPANY, on behalf of itself and its affiliates (collectively, Covered

More information

Texas Tech University Health Sciences Center El Paso HIPAA Privacy Policies

Texas Tech University Health Sciences Center El Paso HIPAA Privacy Policies Administration Policy 1.1 Glossary of Terms - HIPAA Effective Date: January 15, 2015 References: http://www.hhs.gov/ocr/hipaa TTUHSC El Paso HIPAA website: http://elpaso.ttuhsc.edu/hipaa/ Policy Statement

More information

HIPAA & The Medical Practice

HIPAA & The Medical Practice HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,

More information

The HIPAA Omnibus Rule

The HIPAA Omnibus Rule The HIPAA Omnibus Rule NOTE: Make sure your computer speakers are turned ON. Audio will be streaming through your speakers. If you do not have computer speakers, call the ACCMA at 510-654-5383 for alternatives.

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ) is by and between You, the Covered Entity ( Covered Entity ), and Paubox, Inc. ( Business Associate ). This BAA is effective

More information

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205) HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 REASONS FOR HIPAA PRIVACY RULES Perceived need for protection of individual health information

More information